AMENDMENTS TO THE CLAIMS 



This listing of claims will replace all prior versions, and listings, of claims 
in the application: 

Listing of Claims: 

1 1 . (Currently amended) A method that facilitates secure electronic 

2 commerce, comprising: 

3 providing a consumer with a file of security data relating to an account 

4 maintained by a financial institution, wherein the file of security data is provided 

5 to the consumer on a smart card , and wherein the file of security data includes: 

6 a consumer identifier, 

7 a private key for encryption and authentication of data, 

8 a first public key related to the private key for decryption 

9 and authentication of data, 

10 an identifier identifying the financial institution, 

1 1 a second public key belonging to the financial institution, 

1 2 the account number that has been encrypted with a key 

13 known only to the financial institution creating an encrypted 

14 account number, 

1 5 a first certificate signed by a recognized certificate authority 

1 6 that validates the financial institution, 

17 a second certificate signed by the financial institution that 

1 8 validates the consumer, and 

19 computer algorithms to use the file of security data; 

20 creating a financial transaction between the consumer and a merchant, 

21 wherein the financial transaction is protected using security data from the file, and 

2 
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22 wherein the financial transaction is structured to contain an account number in a 

23 form that is undecipherable by the merchant, thereby prevent the merchant from 

24 knowing the account number for the account; 

25 validating by the merchant that the financial institution identified by the 

26 financial transaction is acceptable using security data from the file; 

27 requesting by the merchant that the financial institution authorize the 

28 financial transaction; 

29 receiving by the merchant an authorization from the financial institution to 

30 complete the financial transaction; 

3 1 completing the financial transaction between the consumer and the 

32 merchant; and 

33 notifying the financial institution that the financial transaction is complete. 
1 2-3 (Canceled). 

1 4. (Currently amended) The method of claim 3 claim 1 , wherein protecting 

2 the financial transaction involves: 

3 creating a first hash of the financial transaction; and 

4 encrypting the first hash, the second certificate, and the encrypted account 

5 number using the second public key creating a secure envelope of transaction 

6 data, wherein the first hash is created at a secure site available only to the 

7 consumer. 

1 5. (Original) The method of claim 4, wherein requesting by the merchant 

2 that the financial institution authorize the financial transaction involves: 

3 creating a second hash of the financial transaction by the merchant; 

4 sending the secure envelope and the second hash to the financial 

5 institution; 
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6 decrypting at the financial institution the secure envelope using the private 

7 key of the financial institution; 

8 comparing the first hash with the second hash; and 

9 if the first hash is identical to the second hash, 

1 0 decrypting the encrypted account number to recover the 

1 1 account number for the account belonging to the consumer, 

12 verifying that the financial transaction is valid for the 

13 account, and 

1 4 if valid, authorizing the financial transaction. 

1 6. (Original) The method of claim 5, wherein verifying that the financial 

2 transaction is valid for the account includes: 

3 verifying that the second certificate was signed by the financial institution; 

4 determining that the account is valid; and 

5 ensuring that a transaction amount is not greater than an authorized 

6 transaction amount. 

1 7. (Original) The method of claim 4, wherein the secure site available only 

2 to the consumer is within the smart card. 

1 8. (Previously presented) The method of claim 1, wherein validating by the 

2 merchant that the financial institution identified by the financial transaction is 

3 acceptable involves: 

4 receiving at the merchant the first certificate; and 

5 validating that the first certificate was signed by the recognized certificate 

6 authority. 
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1 9. (Currently amended) A computer-readable storage medium storing 

2 instructions that when executed by a computer cause the computer to perform a 

3 method that facilitates secure electronic commerce, comprising: 

4 providing a consumer with a file of security data relating to an account 

5 maintained by a financial institution , wherein the file of security data is provided 

6 to the consumer on a smart card , and wherein the file of security data includes: 

7 a consumer identifier, 

8 a private key for encryption and authentication of data, 

9 a first public key related to the private key for decryption 

1 0 and authentication of data, 

1 1 an identifier identifying the financial institution, 

12 a second public key belonging to the financial institution, 

1 3 the account number that has been encrypted with a key 

14 known only to the financial institution creating an encrypted 

1 5 account number, 

16 a first certificate signed by a recognized certificate authority 

1 7 that validates the financial institution, 

1 8 a second certificate signed by the financial institution that 

1 9 validates the consumer, 

20 computer algorithms to use the file of security data; 

2 1 creating a financial transaction between the consumer and a merchant, 

22 wherein the financial transaction is protected using security data from the file, and 

23 - wherein the financial transaction is structured to contain an account number in a 

24 form that is undecipherable by the merchant, thereby prevent the merchant from 

25 knowing the account number for the account; 

26 validating by the merchant that the financial institution identified by the 

27 financial transaction is acceptable using security data from the file; 
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28 requesting by the merchant that the financial institution authorize the 

29 financial transaction; 

30 receiving by the merchant an authorization from the financial institution to 

3 1 complete the financial transaction; 

32 completing the financial transaction between the consumer and the 

33 merchant; and 

34 notifying the financial institution that the financial transaction is complete. 
1 10-11 (Canceled). 

1 12. (Currently amended) The computer-readable storage medium of claim 

2 44-claim_9, wherein protecting the financial transaction involves: 

3 creating a first hash of the financial transaction; and 

4 encrypting the first hash, the second certificate, and the encrypted account 

5 number using the second public key creating a secure envelope of transaction 

6 data, wherein the first hash is created at a secure site available only to the 

7 consumer. 

1 13. (Original) The computer-readable storage medium of claim 12, 

2 wherein requesting by the merchant that the financial institution authorize the 

3 financial transaction involves: 

4 creating a second hash of the financial transaction by the merchant; 

5 sending the secure envelope and the second hash to the financial 

6 institution; 

7 decrypting at the financial institution the secure envelope using the private 

8 key of the financial institution; 

9 comparing the first hash with the second hash; and 
1 0 if the first hash is identical to the second hash, 

6 
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1 1 decrypting the encrypted account number to recover the 

12 account number for the account belonging to the consumer, 

13 verifying that the financial transaction is valid for the 

14 account, and 

1 5 if valid, authorizing the financial transaction. 

1 14. (Original) The computer-readable storage medium of claim 13, 

2 wherein verifying that the financial transaction is valid for the account includes: 

3 verifying that the second certificate was signed by the financial institution; 

4 determining that the account is valid; and 

5 ensuring that a transaction amount is not greater than an authorized 

6 transaction amount. 

1 15. (Original) The computer-readable storage medium of claim 12, 

2 wherein the secure site available only to the consumer is within the smart card. 

1 16. (Previously presented) The computer-readable storage medium of 

2 claim 9, wherein validating by the merchant that the financial institution identified 

3 by the financial transaction is acceptable involves: 

4 receiving at the merchant the first certificate; and 

5 validating that the first certificate was signed by the recognized certificate 

6 authority. 

1 17. (Currently amended) An apparatus that facilitates secure electronic 

2 commerce, comprising: 

3 a providing mechanism configured to provide a consumer with a 

4 file of security data relating to an account maintained by a financial 
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5 institution , wherein the file of security data is provided to the consumer on 

6 a smart card , and wherein the file of security data includes: 

7 a consumer identifier, 

8 a private key for encryption and authentication of data, 

9 a first public key related to the private key for decryption 

1 0 and authentication of data, 

1 1 an identifier identifying the financial institution, 

12 a second public key belonging to the financial institution, 

1 3 the account number that has been encrypted with a key 

14 known only to the financial institution creating an encrypted 

1 5 account number, 

16 a first certificate signed by a recognized certificate authority 

17 that validates the financial institution, 

18 a second certificate signed by the financial institution that 

19 validates the consumer, and 

20 computer algorithms to use the file of security data; 

21 a first creating mechanism configured to create a financial transaction 

22 between the consumer and a merchant, wherein the financial transaction is 

23 protected using security data from the file, and wherein the financial transaction is 

24 structured to contain an account number in a form that is undecipherable by the 

25 merchant, thereby prevent the merchant from knowing the account number for the 

26 account; 

27 a first validating mechanism that is configured to validate that the financial 

28 institution identified by the financial transaction is acceptable using security data 

29 from the file; 

30 a requesting mechanism that is configured to request that the financial 

3 1 institution authorize the financial transaction; 
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32 a first receiving mechanism that is configured to receive an authorization 

33 from the financial institution to complete the financial transaction; 

34 a completing mechanism that is configured to complete the financial 

35 transaction between the consumer and the merchant; and 

36 a notifying mechanism that is configured to notify the financial institution 

37 that the financial transaction is complete. 

1 18-19 (Canceled). 

1 20. (Currently amended) The apparatus of claim 19 claim 17 , further 



2 comprising: 

3 a second creating mechanism that is configured to create a first hash of the 

4 financial transaction; and 

5 an encrypting mechanism that is configured to encrypt the first hash, the 

6 second certificate, and the encrypted account number using the second public key 

7 creating a secure envelope of transaction data, wherein the first hash is created at a 

8 secure site available only to the consumer. 

1 21 . (Original) The apparatus of claim 20, further comprising: 

2 a creating mechanism that is configured to create a second hash of the 

3 financial transaction by the merchant; 

4 a sending mechanism that is configured to send the secure envelope and 

5 the second hash to the financial institution; 

6 a decrypting mechanism that is configured to decrypt the secure envelope 

7 using the private key of the financial institution; 

8 a comparing mechanism that is configured to compare the first hash with 

9 the second hash; 
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1 0 wherein the decrypting mechanism is further configured to decrypt the 

1 1 encrypted account number to recover the account number for the account 

1 2 belonging to the consumer; 

1 3 a first verifying mechanism that is configured to verify that the financial 

14 transaction is valid for the account; and 

1 5 an authorizing mechanism that is configured to authorize the financial 

16 transaction. 



1 22. (Original) The apparatus of claim 21 , further comprising: 

2 a second verifying mechanism that is configured to verify that the second 

3 certificate was signed by the financial institution; 

4 a determining mechanism that is configured to determine that the account 

5 is valid; and 

6 an ensuring mechanism that is configured to ensure that a transaction 

7 amount is not greater than an authorized transaction amount. 

1 23. (Original) The apparatus of claim 20, wherein the secure site available 

2 only to the consumer is within the smart card. 

1 24. (Previously presented) The apparatus of claim 17, further comprising: 

2 a second receiving mechanism at the merchant that is configured to receive 

3 the first certificate; and 

4 a second validating mechanism that is configured to validate that the first 

5 certificate was signed by the recognized certificate authority. 
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